This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Application Security Guide For CISOs Project"
(Page content) |
|||
(18 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:CISO-Guide-header.jpg|link=]]</div> | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:CISO-Guide-header.jpg|link=]]</div> | ||
+ | <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div> | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
Line 8: | Line 9: | ||
==OWASP Application Security Guide For CISOs== | ==OWASP Application Security Guide For CISOs== | ||
− | Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. The Application Security Guide For CISOs seeks to help CISOs manage application security programs according to | + | Among application security stakeholders, Chief Information Security Officers (CISOs),are responsible for application security from governance, compliance and risk perspectives. The Application Security Guide For CISOs seeks to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout the guide. |
+ | |||
==Introduction== | ==Introduction== | ||
The purpose of this document is to guide the CISO in managing application security from initial problem statement to delivery of the solution. We start this journey with the creation of the business cases for investing in application security following with the awareness of threats targeting applications, the identification of the economical impacts, the determination of a risk mitigation strategy, the prioritization of the mitigation of the risk of vulnerabilities, the selection of security control measures to mitigate risks, the adoption of secure software development processes and maturity models and we conclude this journey with the selection of metrics for reporting and managing application security risk. | The purpose of this document is to guide the CISO in managing application security from initial problem statement to delivery of the solution. We start this journey with the creation of the business cases for investing in application security following with the awareness of threats targeting applications, the identification of the economical impacts, the determination of a risk mitigation strategy, the prioritization of the mitigation of the risk of vulnerabilities, the selection of security control measures to mitigate risks, the adoption of secure software development processes and maturity models and we conclude this journey with the selection of metrics for reporting and managing application security risk. | ||
+ | |||
==Objectives== | ==Objectives== | ||
Line 24: | Line 27: | ||
* Institute application security training for developers and managers | * Institute application security training for developers and managers | ||
* Measure and manage application security risks and processes | * Measure and manage application security risks and processes | ||
+ | |||
==Licensing== | ==Licensing== | ||
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | The OWASP Application Security Guide For CISOs is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | ||
+ | |||
+ | © OWASP Foundation | ||
Line 64: | Line 70: | ||
== Quick Access == | == Quick Access == | ||
− | * [[Application Security Guide For CISOs]] | + | * Application Security Guide For CISOs v1.0 EN |
+ | ** [[Application Security Guide For CISOs |HTML]] | ||
+ | ** [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf PDF] | ||
+ | ** [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html Hardcopy] | ||
== News and Events == | == News and Events == | ||
− | * [20 Nov 2013] The CISO Guide will be at [https://appsecusa.org/ AppSec USA] | + | * [20 Nov 2013] The [http://appsecusa2013.sched.org/event/d4023831663d85d7fd87294e36e631ac?iframe=yes&w=990&sidebar=yes&bg=no#?iframe=yes&w=990&sidebar=yes&bg=no CISO Guide and CISO Survey 2013] will be presented at [https://appsecusa.org/ AppSec USA] |
− | * [ | + | * [07 Nov 2013] Version 1.0 (stable) issued |
− | |||
− | |||
− | |||
− | |||
== In Print == | == In Print == | ||
− | This project can be purchased as a print on demand book from Lulu.com | + | |
+ | [[File:Ciso-guide-book-small.jpg|link=http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html]] | ||
+ | |||
+ | This project can be purchased as a [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html print on demand book] from Lulu.com. | ||
Line 90: | Line 98: | ||
|- | |- | ||
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
+ | |- | ||
+ | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] | ||
|} | |} | ||
Line 108: | Line 118: | ||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
− | As of | + | As of 8 November 2013, the priorities are: |
− | * | + | * Announce and promote v1.0 at AppSec USA |
− | * | + | * Gain support and additional contributors |
− | + | * Translate book | |
− | * | ||
− | Involvement in the development and promotion of | + | Involvement in the development and promotion of the CISO Guide is actively encouraged. |
You do not have to be a security expert in order to contribute. | You do not have to be a security expert in order to contribute. | ||
Some of the ways you can help: | Some of the ways you can help: | ||
Line 120: | Line 129: | ||
* Graphical design for the book cover and diagrams | * Graphical design for the book cover and diagrams | ||
+ | Please participate through the project's [https://lists.owasp.org/mailman/listinfo/owasp_application_security_guide_for_cisos mailing list]. | ||
+ | |||
+ | = Releases = | ||
+ | |||
+ | == Current version == | ||
+ | |||
+ | v1.0 (Stable) | ||
+ | * EN | ||
+ | ** [[Application Security Guide For CISOs |HTML]] | ||
+ | ** [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf PDF] | ||
+ | ** [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html Hardcopy] | ||
+ | |||
+ | |||
+ | == Previous versions == | ||
+ | Pre 1.0 versions (alpha and betas) are in the wiki page history at https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs and sub-pages beginning in [https://www.owasp.org/index.php?title=Application_Security_Guide_For_CISOs&dir=prev&action=history August 2011]. | ||
− | =Project About= | + | = Project About = |
− | {{:Projects/OWASP_Application_Security_Guide_For_CISOs_Project}} | + | {{:Projects/OWASP_Application_Security_Guide_For_CISOs_Project | Project About}} |
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] | [[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] |
Latest revision as of 00:21, 3 March 2015
OWASP Application Security Guide For CISOsAmong application security stakeholders, Chief Information Security Officers (CISOs),are responsible for application security from governance, compliance and risk perspectives. The Application Security Guide For CISOs seeks to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout the guide.
IntroductionThe purpose of this document is to guide the CISO in managing application security from initial problem statement to delivery of the solution. We start this journey with the creation of the business cases for investing in application security following with the awareness of threats targeting applications, the identification of the economical impacts, the determination of a risk mitigation strategy, the prioritization of the mitigation of the risk of vulnerabilities, the selection of security control measures to mitigate risks, the adoption of secure software development processes and maturity models and we conclude this journey with the selection of metrics for reporting and managing application security risk.
ObjectivesThe guide assists CISOs manage application security risks by considering the exposure from emerging threats and compliance requirements. The objectives of this guide are to help:
LicensingThe OWASP Application Security Guide For CISOs is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. © OWASP Foundation
|
Core ContentThe CISO guide includes:
PresentationPPTX presentation given at OWASP NYC U.S.A. Chapter Meeting on 15 November 2012
Project LeaderMarco Morana
Related Projects
|
Quick Access
News and Events
In PrintThis project can be purchased as a print on demand book from Lulu.com.
Classifications |
Volunteers
The Application Security Guide For CISOs Project was authored, edited and reviewed by a worldwide team of volunteers. The primary contributors to date have been:
- Tobias Gondrom
- Eoin Keary
- Andy Lewis
- Marco Morana
- Stephanie Tan
- Colin Watson
As of 8 November 2013, the priorities are:
- Announce and promote v1.0 at AppSec USA
- Gain support and additional contributors
- Translate book
Involvement in the development and promotion of the CISO Guide is actively encouraged. You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Review the text
- Graphical design for the book cover and diagrams
Please participate through the project's mailing list.
Current version
v1.0 (Stable)
Previous versions
Pre 1.0 versions (alpha and betas) are in the wiki page history at https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs and sub-pages beginning in August 2011.
what | is this project? |
---|---|
Name: OWASP Application Security Guide For CISOs Project (home page) | |
Purpose:
Draft Version: More info about this project can be found in the introductory page of the guide Application Security Guide For CISOs | |
License: Creative Commons Attribution Share Alike 3.0 | |
who | is working on this project? |
Project Leader(s):
| |
how | can you learn more? |
Project Pamphlet: Not Yet Created | |
Project Presentation: View | |
Mailing list: Mailing List Archives | |
Project Roadmap: View | |
Main links: | |
Key Contacts | |
|